[Dailydave] Improvements

Dave Aitel dave.aitel at gmail.com
Wed Feb 15 10:59:39 EST 2017


http://www.securityweek.com/crowdstrike-sues-nss-labs-prevent-publication-test-results

One thing I've had problems with is learning that people can "get gud".
It's one of the reasons I always cringe at the inevitable policy trope of
"Cyber war is easier for attackers than defenders." Yesterday I was talking
to a professional CISO - one of the ones I've known for years out of the
NYC scene. He's like "Yes, individually none of the stuff anyone sells you
works at all. But once you connect, say, Bromium, to the BlueCoat API with
a bit of analysis glue you can have five minute response metrics, where
once you find any anomaly, you can do memory searches for that running
anywhere in your org, then automatically stuff those machines on their own
VLANS.

"When I join a new org, whatever random vendors they've bought into, I can
make that really work. It doesn't really matter what they have, as long as
they have something."

Automated response has always been the real market. I can see people
actually DOING it now, even though no product vendor wants to talk about
it. And it's one of the few things that actually scares me as an attacker.

-dave